
Aaron Outhier

Everything posted by Aaron Outhier

  1. First step will be to find an uncompromised work area and an uncompromised computer. Put your phones and other devices into airplane mode, and reinstall the latest software onto your phones. For an iPhone or iPad, use iTunes for PC or a fresh, new Mac. You are going to need to back up, erase, and reload the OS/firmware/etc. on all of your devices. Clear your calendar one weekend. Do not restore any backups at first - wait until they can be checked and scanned for problems. That'll come later.

     Understand that a remote attacker needs access to something inside your home, or whatever, in order to launch his attacks. If a single compromised device remains when you're done, you'll be doing all of this again in 6 months. Be thorough.

     You will need a small collection of empty flash drives, 16 GB or better. You will also need at least one high-capacity external hard drive to hold your backups. If you use Windows PCs at home, go to Microsoft's website and grab the Media Creation Tool. Run it, and select the option to download a copy of Windows for use on another PC, or whatever the wording says that is similar. Also select to save directly to your USB disk. Make sure you have a blank USB drive to use. The Windows installation files are about 8 GB, so plan to be there a while. Use a USB 3 port + drive if possible to speed up the file copy process.

     Find and install a good backup program. AOMEI has a decent free one that I've used for years, but get what works for you. https://www.ubackup.com/ for AOMEI. There are many great alternatives. Back up your home folders on each computer at least. If you have enough room, you may opt to make a full image backup of the internal drive.

     Unplug your router and any other Internet connections/devices. Restore each device one by one. Grab another flash drive, and download the WSUS Offline tool to your desktop, etc. and extract. https://www.wsusoffline.net . Extract and run. Download updates for the Windows OSes you use, and then select to copy them to your flash drive. Also grab the latest firmware for everything you can find, starting with wireless routers, and also including security cameras, printers, TV set-top boxes, et al. When you reflash the router, be sure to unplug the uplink to the outside world temporarily.

     As for drivers, Windows installer has many of the essential network drivers bundled, and from there, Windows Update can get whatever else you might need. Failing that, try Snappy Driver Installer. It can be loaded, along with the updates, onto, you guessed it, a flash drive! https://sdi-tool.org . If you happen to be in the greater Los Angeles area, send me a DM, and I can help you directly, if desired. Otherwise, we can discuss this more after daybreak. My eyes are getting heavy now. It's 3 AM.
  2. Managed to fix the problem, without a serial terminal or any jtag stuff. Fortunately, the filesystem corruption was minor. I was able to locate the recovery partition and run fsck on it to repair. Then, I forced a factory reset to format the main partition and unpack the version 1.1 firmware. I of course then updated the Croc to the latest version. Issue seems to be solved.
  3. Sounds to me like he wants a network equivalent of a "continuity tester". Something to broadcast a continuous data stream, and then check on a remote device if he is receiving that stream. OP: Although that may seem like a simple enough task, I suspect it will actually be harder to implement this than you might think. Your receiving device can be set to continuously check the signal strength and quality and log that info to a file, possibly with GPS coordinates thrown in for good measure. (GPS receiver required for that last part, of course).
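The sender/receiver pair sketched in the post above, as an added example that is not part of the original post: a sender streams sequence-numbered UDP beacons, the receiver records which ones arrived, derives per-beacon latency and an optional GPS fix for its log line, and a small analysis step reports gaps and loss. The `CTST` marker, the header layout and the log format are my assumptions, and the loopback run uses deliberately skipped sequence numbers to stand in for a lossy link.

```python
"""Network "continuity tester": sequence-numbered UDP beacons plus loss analysis.
Added example, not code from the original thread; MAGIC, the header layout and
the log line format are assumptions made for this illustration."""
import socket
import struct
import time
from typing import Dict, List, Optional, Tuple

MAGIC = b"CTST"               # assumed marker so unrelated datagrams are ignored
HDR = struct.Struct("!4sIQ")  # magic, seq (u32), sender timestamp in ns (u64)


def make_beacon(seq: int, sent_ns: int) -> bytes:
    """Sender side: one fixed-size datagram per beacon."""
    return HDR.pack(MAGIC, seq, sent_ns)


def parse_beacon(data: bytes) -> Tuple[int, int]:
    """Receiver side: reject anything that is not a well-formed beacon."""
    if len(data) != HDR.size:
        raise ValueError("wrong length")
    magic, seq, sent_ns = HDR.unpack(data)
    if magic != MAGIC:
        raise ValueError("bad magic")
    return seq, sent_ns


def analyze(received: List[int], expected_count: int) -> Dict[str, object]:
    """Given the sequence numbers that arrived, report lost seqs, loss ratio and duplicates."""
    seen = set(received)
    lost = [s for s in range(expected_count) if s not in seen]
    return {
        "lost": lost,
        "loss_ratio": len(lost) / expected_count if expected_count else 0.0,
        "duplicates": len(received) - len(seen),
    }


def log_line(seq: int, sent_ns: int, recv_ns: int,
             gps: Optional[Tuple[float, float]] = None) -> str:
    """One line for the receiver's log: arrival time, seq, latency and, if a GPS fix is available, position."""
    latency_ms = (recv_ns - sent_ns) / 1e6
    pos = f" gps={gps[0]:.5f},{gps[1]:.5f}" if gps else ""
    return f"{recv_ns} seq={seq} latency_ms={latency_ms:.2f}{pos}"


def run_loopback(count: int = 20, drop=frozenset((3, 7))):
    """Send `count` beacons to a local receiver, skipping `drop` to simulate loss."""
    rx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    rx.bind(("127.0.0.1", 0))
    rx.settimeout(0.5)
    tx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    received, lines = [], []
    try:
        for seq in range(count):
            if seq in drop:
                continue
            tx.sendto(make_beacon(seq, time.time_ns()), rx.getsockname())
        while True:  # drain until the link goes quiet
            data, _ = rx.recvfrom(64)
            seq, sent = parse_beacon(data)
            received.append(seq)
            lines.append(log_line(seq, sent, time.time_ns()))
    except socket.timeout:
        pass
    finally:
        tx.close()
        rx.close()
    return analyze(received, count), lines


if __name__ == "__main__":
    summary, log = run_loopback()
    print("\n".join(log))
    print(summary)
```

On a real deployment the receiver would feed the signal-strength reading from the wireless driver into the same log line; the sequence-number accounting is what turns "am I receiving the stream?" into a measurable loss figure rather than a yes/no.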
  4. English Translation: In other words: It's the UAC prompt.
  5. Yeah, I'll say it's not as active! 158 views, but only 1 response. I don't think the site has had 150+ bots/web crawlers in the last month, but less than 10 users. Someone's been looking. Don't get me wrong, I'm not getting butt-hurt over it or anything. I realize it would be a boat-load of work for the devs to implement. Would just like some feedback as to whether or not this would be useful to anyone here. As for Discord, I read much too slowly... Messages scroll off the screen before I can finish reading them.
  6. Still corrupted in the same locations after factory reset. 😩😭
  7. Update: I figured out how to do a factory reset. Re-added my config.txt and device.conf. Then shut it down. I'll have to test it at some point. More to come.
  8. The response here is much more eh, underwhelming, than I expected. Oh well? Seemed like a great idea to me. 🤷‍♂️
  9. Hypothetical situation: What if someone had a Bash Bunny, a LAN Turtle, a Packet Squirrel, a Key Croc, and a WiFi Pineapple, all connected to Cloud C2, and all deployed at a remote location? Would that gain that person anything more than having them at separate locations, or having them without C2? These are Linux boxes, so why not? Why not? Because nothing major has been implemented here? What if a Bash Bunny, Key Croc or maybe even a Signal Owl, could grab the Preferred Network list from a computer and send it say, over a VPN to C2, and then use that to communicate that info to the rest of the devices planted on site for a Pen Test? That raises the question: How would the Key Croc, Signal Owl, and Screen Crab obtain that info, if the WiFi key isn't known prior to the deployment of those devices. Yes, they can all store their loot offline, but they couldn't participate in a coordinated attack that way, could they? Well, what if the Pineapple could act as a secure WiFi gateway? This would require WPA2 or WPA3 protected AP support on the Pineapple, and verification that the device connecting is a real Hak5 product. It would also require a USB LTE dongle, Cell Phone, or other long-range wireless uplink, but I think it's very possible to do. Imagine keeping the Pineapple with you, and walking up (or driving up) outside the building. Alternately, the Pineapple could be planted inside along with the other items. Granted, this would be quite a bit of work to implement. I do have a few ideas about how to authenticate devices to the Pineapple, to help ensure someone isn't trying to "hack your hack".
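One way to do the device authentication the post above talks about, as an added example that is neither the poster's design nor Hak5 code: the gateway hands each implant a fresh random nonce, the implant answers with an HMAC-SHA256 over that nonce and its own ID using a per-device pre-shared key, and the gateway checks the answer in constant time and discards the nonce so a captured answer cannot be replayed. Device IDs, keys and the message layout are assumptions.

```python
"""Challenge-response authentication of planted devices to a gateway.
Added example, not Hak5 code. The device IDs, the pre-shared keys and the
"auth-v1|" message framing are assumptions made for this illustration."""
import hashlib
import hmac
import secrets
from typing import Dict, Optional


def device_response(key: bytes, device_id: str, nonce: bytes) -> bytes:
    """Device side. The ID is bound into the MAC so one device's answer cannot be
    presented on behalf of another device that happens to see the same nonce."""
    msg = b"auth-v1|" + device_id.encode() + b"|" + nonce
    return hmac.new(key, msg, hashlib.sha256).digest()


class Gateway:
    """Gateway side (the Pineapple in the post's scenario)."""

    def __init__(self, device_keys: Dict[str, bytes]):
        self._keys = device_keys          # device_id -> pre-shared key, provisioned before deployment
        self._pending: Dict[str, bytes] = {}  # device_id -> nonce awaiting an answer

    def challenge(self, device_id: str) -> Optional[bytes]:
        if device_id not in self._keys:
            return None                   # unknown ID: there is no key to prove possession of
        nonce = secrets.token_bytes(32)   # fresh per attempt; a new challenge voids the old one
        self._pending[device_id] = nonce
        return nonce

    def verify(self, device_id: str, response: bytes) -> bool:
        nonce = self._pending.pop(device_id, None)  # single use: a replayed answer finds no nonce
        if nonce is None:
            return False
        expected = device_response(self._keys[device_id], device_id, nonce)
        return hmac.compare_digest(expected, response)  # constant-time compare


def demo() -> Dict[str, bool]:
    """Walk through the honest case, a replay and a wrong key."""
    key = secrets.token_bytes(32)
    gw = Gateway({"croc-01": key})
    nonce = gw.challenge("croc-01")
    good = device_response(key, "croc-01", nonce)
    results = {"honest": gw.verify("croc-01", good)}
    results["replay"] = gw.verify("croc-01", good)
    nonce2 = gw.challenge("croc-01")
    results["wrong_key"] = gw.verify("croc-01", device_response(b"not-the-key", "croc-01", nonce2))
    return results


if __name__ == "__main__":
    print(demo())  # honest True, replay False, wrong_key False
```

This proves possession of a provisioned key, not that the hardware is genuine: anyone who extracts the key from a captured implant can impersonate it, so the key belongs in whatever protected storage the device offers and each unit gets its own key so one loss does not expose the rest.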
  10. Well, I got my Mark 7 in the mail yesterday, after waiting 10 days for it to arrive. (I should know better than to order late on a Friday, but I digress)... I got it up and running, but I must say I was just a bit disappointed in a few things. Overall, I do like it! Just a few minor things I don't like. I am a bit disappointed in the lack of plugins. I must put credit where credit is due however. I first came into the Hak5 & WiFi Pineapple scene about 2 years ago. The Mark VI Nano and Tetra were more established then than the Mark 7 is now. I kind of suspect there were similar delays getting plugins last time around also. Good things come to those who wait. Then there is the issue that the Pineapple doesn't work locally if the C2 platform is configured on it. I hope that is a temporary workaround for another issue and gets fixed soon. I have an idea for the Pineapple that I think will be awesome! It will require some extensive software modifications however, and would be quite an undertaking for the Hak5 team. More on this in another post. What would be really incredible, however, is a plug-in system that could be accessed in the C2 system. Like, so that plugins could be accessed & triggered from the C2 panel.
  11. Ahh, now I understand. Thank you, but I don't have any shortage of Raspberry Pis right now. I have a 2B, a 3B, 2x 3B+, and a 4 with 4 GB. I haven't ever bothered with the W series. I haven't checked, but I suspect you can grab an older model, like the 3B or 3B+, for under $30 for the bare board. I've been able to set up a cron job to update the system in the middle of the night in past projects, when I don't want to mess with manual updates. Not as many people are awake between 2 & 4 AM, and since it is automated, I don't have to be either.
  12. Looking back at your original post, I see you answered the questions I just asked. I would absolutely use a Raspberry Pi. Do you need to access/view/edit specific files from a list, i.e. "live access" of the flash drive data, or are you trying to grab a copy of all of the data from the remote drive and get it to a local machine? If the former, try Nextcloud server for Raspberry Pi. If the latter, use rsync from the command prompt or equivalent. Both options will require port forwarding on the remote router. If no port forwarding, set up an OpenVPN cloud server on Linode, Vultr, or DigitalOcean, and connect both the remote Pi and your local machine to it, then connect to it over the OpenVPN interface.
  13. Ok. Does it matter where the data ends up, so long as you can access it? I mean, does it have to go through a key croc? Have you heard of something like NextCloud? I admit I'm not sure if that would work for your specific purpose, but might be worth looking into. I am guessing the data is at a remote location?
  14. No. I believe those are all for video cards. The letters 'fb' at the end would indicate "frame buffers". I also recognize several name brands of old video cards mentioned. Leave the blacklists alone. Good job being thorough in your research. If you want to know about a specific module, try 'modinfo <modulename>'
  15. Was I dreaming, or did I see you say somewhere that you're trying to recover data from a flash drive? If so, don't mess with the Key Croc for that. Use an actual computer! There are some custom Linux distros that can run direct from a CD or (a different) USB drive, so you don't need to permanently install anything on the computer.
  16. Do you mean how long have I had it? Since about 2 weeks after it was announced. I don't recall exactly when. My sense of time passing is terrible.
  17. https://docs.hak5.org/hc/en-us/categories/360003797793-Key-Croc I have been on the latest version since the day it was released.
  18. Hello. After months of bizarre problems with my KeyCroc, I finally realized that my flash filesystem is corrupt.

      root@croc:~# e2fsck -fn /dev/nandd
      e2fsck 1.42.12 (29-Aug-2014)
      Warning!  /dev/nandd is mounted.
      Warning: skipping journal recovery because doing a read-only filesystem check.
      Pass 1: Checking inodes, blocks, and sizes
      Pass 2: Checking directory structure
      Pass 3: Checking directory connectivity
      Pass 4: Checking reference counts
      Pass 5: Checking group summary information
      Free blocks count wrong (505705, counted=505574).
      Fix? no

      Free inodes count wrong (168264, counted=168259).
      Fix? no

      /dev/nandd: 44728/212992 files (0.1% non-contiguous), 346263/851968 blocks

      Is there any way I can force an e2fsck during boot, or perhaps cause a complete rewrite/replacement of flash data? I have already tried reinstalling the latest firmware. I have also tried erasing the entire udisk and then copying over the flash file, before rebooting. The firmware does complete 100%, or at least it appears to. I also verified the sha256sum before applying it. It seems that my entire /lib/modules folder is missing.
  19. fdisk -l isn't going to work. I suspect you need another module before it will. It would seem that I have problems of my own. My KeyCroc filesystem is corrupt. I suppose it is my turn to ask for help...
  20. xhci means USB 3, ehci means USB 2. The Key Croc is USB 2 only, so it will always show up as ehci.
  21. It won't appear there, because modprobe can't load the usb-storage module. Seems like the entire modules folder is missing.
  22. I suspect it is more of a mistake/oversight from Hak5 people. Their products don't have every feature imaginable when you open the box, but it is supposed to be easier to add the stuff you need. Usually, a flash drive shows up as /dev/sdX, where X can be different for different people.
  23. Agreed. It would take much more than leaving it running to make it burn up/burn out/whatever. If you're leaving Open APs turned on, however, you might be inviting your neighbors to free WiFi. Keep your filters on, and check for unknown clients. If you want to be sure of that when you're not home, you can set up a C2 server in the cloud. A cloud server can be had for about $5/month these days. Then again, it might also be overkill. Depends on your needs.
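The "check for unknown clients" step from the post above, as an added example that is not part of the original post or of Hak5's software: it reads a dnsmasq-style DHCP lease file (the layout used on OpenWrt-based devices, one lease per line as expiry, MAC, IP, hostname, client-id), drops expired leases, and lists every still-active client whose MAC is not on an allowlist. The lease lines and the allowlist are constructed for the example; the file path on any particular device is not assumed here.

```python
"""Flag DHCP clients that are not on an allowlist.
Added example, not code from the original post. Assumes dnsmasq's lease file
layout: "<expiry-epoch> <mac> <ip> <hostname> <client-id>", with "*" for an
unknown hostname/client-id and expiry 0 for an infinite lease. The leases and
allowlist below are constructed sample data."""
from typing import Iterable, List, NamedTuple


class Lease(NamedTuple):
    expiry: int
    mac: str
    ip: str
    hostname: str


def parse_leases(text: str) -> List[Lease]:
    """Parse lease lines, skipping blank or malformed ones rather than failing the whole check."""
    leases = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or not parts[0].isdigit():
            continue
        leases.append(Lease(int(parts[0]), parts[1].lower(), parts[2], parts[3]))
    return leases


def unknown_clients(leases: Iterable[Lease], allow_macs: Iterable[str], now: int) -> List[Lease]:
    """Active leases (unexpired, or infinite with expiry 0) whose MAC is not allowlisted."""
    allowed = {m.lower() for m in allow_macs}
    active = [l for l in leases if l.expiry == 0 or l.expiry > now]
    return [l for l in active if l.mac not in allowed]


# Constructed sample: two known devices, one stranger, one expired stranger,
# and one stranger holding an infinite lease.
SAMPLE_LEASES = """\
1700003600 aa:bb:cc:00:00:01 192.168.1.20 my-laptop 01:aa:bb:cc:00:00:01
1700003600 AA:BB:CC:00:00:02 192.168.1.21 my-phone 01:aa:bb:cc:00:00:02
1700003600 de:ad:be:ef:12:34 192.168.1.55 * 01:de:ad:be:ef:12:34
1699990000 aa:bb:cc:00:00:99 192.168.1.60 old-tablet *
0 11:22:33:44:55:66 192.168.1.61 static-box *
"""
ALLOWLIST = ["aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"]


def report(now: int = 1700000000) -> List[Lease]:
    """Run the check over the sample data at a fixed "now" so the result is reproducible."""
    return unknown_clients(parse_leases(SAMPLE_LEASES), ALLOWLIST, now)


if __name__ == "__main__":
    for lease in report():
        print(f"unknown client {lease.mac} at {lease.ip} ({lease.hostname})")
```

Treat the output as a detection, not as access control: a MAC allowlist only catches clients that announce an unfamiliar address, and a client that spoofs a known MAC passes it, so the real fix for the open-AP concern in the post is to not leave the open AP up when it is not in use.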